Topic: Active Directory DNS over IPSec VPN links
« on: September 12, 2008, 22:47:15 »
wescb *
Posts: 8

I am unable to leave the DNS forwarder option turned on and resolve DNS queries properly (can't join the domain, for instance). If I disable the forwarder (so that the machine directly gets the DNS server set up in General Setup on the monowall) everything works fine, but I'd like to have the forwarder on to simplify setup.

I get the following error when trying to join the domain on a machine at a remote location connected to the main location (where the AD/DNS servers are) via IPSec links:

"The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain main.local:

The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.main.local

The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

192.168.3.1"

Where 192.168.3.1 is the local monowall at the remote location. Is there something special that needs to be set up in monowall so that it forwards these requests over the IPSec link to the "main" location?

Thanks in advance,
Wes
« Last Edit: September 13, 2008, 22:47:16 by wescb »
« Reply #1 on: September 20, 2008, 04:47:33 »
ChainSaw
Guest

You might try adding something like this to your config file under <dhcpd> <lan>

     <dnsserver>IP-address-of-PDC</dnsserver>
     <dnsserver>IP-address-of-BDC</dnsserver>
     <dnsserver>208.67.222.222</dnsserver>
     <dnsserver>208.67.220.220</dnsserver>

You should also be running WINS and add your WINS Server under the DHCP Server Config.

CS...

« Last Edit: September 20, 2008, 07:25:35 by ChainSaw »
« Reply #2 on: September 20, 2008, 23:36:48 »
cmb *****
Posts: 851

You need to set up domain forwarding to your AD DNS servers for your AD domain.

You may also need this, if your m0n0 needs to initiate traffic that will traverse the VPN.
http://doc.m0n0.ch/handbook/faq-snmpovervpn.html
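
Added example (not part of cmb's reply and not m0n0wall code): a small Python model of per-domain forwarding, showing which upstream a forwarder would pick for the SRV name from the error message and flagging internal names that would be sent to a public resolver. The 10.0.0.x addresses are constructed stand-ins for the AD DNS servers, and the function names are hypothetical.

```python
# Model of per-domain DNS forwarding ("domain overrides"); illustration only.
# 10.0.0.10 / 10.0.0.11 are constructed placeholders for the AD DNS servers.
from ipaddress import ip_address

DEFAULT_UPSTREAMS = ["208.67.222.222", "208.67.220.220"]  # public resolvers named in the thread
OVERRIDES = {"main.local": ["10.0.0.10", "10.0.0.11"]}    # hypothetical override for the AD domain


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def _in_zone(qname, zone):
    """Label-wise suffix match, so 'notmain.local' is not inside 'main.local'."""
    q, z = _labels(qname), _labels(zone)
    return len(z) <= len(q) and q[-len(z):] == z


def pick_upstreams(qname, overrides=OVERRIDES, default=DEFAULT_UPSTREAMS):
    """Return the servers used for qname; the most specific override wins."""
    best, best_len = default, 0
    for domain, servers in overrides.items():
        depth = len(_labels(domain))
        if _in_zone(qname, domain) and depth > best_len:
            best, best_len = servers, depth
    return best


def leaks_internal_name(qname, internal_zones, overrides=OVERRIDES,
                        default=DEFAULT_UPSTREAMS):
    """True if a name in an internal zone would go to a non-private resolver."""
    if not any(_in_zone(qname, z) for z in internal_zones):
        return False
    chosen = pick_upstreams(qname, overrides, default)
    return any(not ip_address(s).is_private for s in chosen)


if __name__ == "__main__":
    srv = "_ldap._tcp.dc._msdcs.main.local"  # SRV name from the error message
    print(srv, "->", pick_upstreams(srv))
    print("leak without override:", leaks_internal_name(srv, ["main.local"], overrides={}))
```
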